Unsolved PowerShell AD Properties
-
The following is supposed to output all the things:
Get-ADUser Grey | Get-ADObject -Server the_DC -Properties *
The only item missing is where I logged in. How do I get that tidbit out?
-
Are you sure AD stores that centrally? Looks like there is no option but to loop through the machines to do it.
# Enabled XP machines from AD
$Computers = Get-ADComputer -Filter {(enabled -eq "true") -and (OperatingSystem -Like "*XP*")} |
    Select-Object -ExpandProperty Name
$output = @()
# $Computer replaces $PSItem, which is an automatic variable
ForEach ($Computer in $Computers) {
    # Interactive user currently logged on to that machine
    $User = Get-CimInstance Win32_ComputerSystem -ComputerName $Computer |
        Select-Object -ExpandProperty UserName
    $Obj = New-Object -TypeName PSObject -Property @{
        "Computer" = $Computer
        "User"     = $User
    }
    $output += $Obj
}
$output
-
@Grey Don't you have to turn on extra logging to get that centrally? I'd hate to have to hit each endpoint to grab that bit of information like @scottalanmiller already pointed out.
-
@scottalanmiller said in PowerShell AD Properties:
Are you sure AD stores that centrally? Looks like there is no option but to loop through the machines to do it.
# Enabled XP machines from AD
$Computers = Get-ADComputer -Filter {(enabled -eq "true") -and (OperatingSystem -Like "*XP*")} |
    Select-Object -ExpandProperty Name
$output = @()
# $Computer replaces $PSItem, which is an automatic variable
ForEach ($Computer in $Computers) {
    # Interactive user currently logged on to that machine
    $User = Get-CimInstance Win32_ComputerSystem -ComputerName $Computer |
        Select-Object -ExpandProperty UserName
    $Obj = New-Object -TypeName PSObject -Property @{
        "Computer" = $Computer
        "User"     = $User
    }
    $output += $Obj
}
$output
Yeah, I saw that, too. I was hoping to avoid crawling each workstation. I've seen where some people are using a logon script to dump the user detail and timestamp to a globally accessible file. That's ... less than ideal.
-
@travisdh1 said in PowerShell AD Properties:
@Grey Don't you have to turn on extra logging to get that centrally? I'd hate to have to hit each endpoint to grab that bit of information like @scottalanmiller already pointed out.
Yes, it's in GPO, and it's turned on. The logs go to the event manager for each workstation, though. There's a separate log in the DC for a user authentication event.
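Added example, not part of the original thread: one way to read the DC-side authentication events mentioned above instead of crawling every workstation. It assumes Kerberos authentication auditing is enabled so the DCs log event 4768 (TGT request), and that the caller can read each DC's Security log; the function name Get-UserLogonSource is hypothetical.

```powershell
# Added example: list the client addresses a user authenticated from,
# based on event 4768 (Kerberos TGT request) in each DC's Security log.
# Assumptions: Kerberos authentication auditing is on; caller may read DC Security logs.
Import-Module ActiveDirectory

function Get-UserLogonSource {
    param(
        # Reject quotes so the name cannot break out of the XPath string below
        [Parameter(Mandatory)] [ValidatePattern("^[^'""]+$")] [string] $SamAccountName,
        [ValidateRange(1, 720)] [int] $Hours = 24
    )

    # Server-side filter: only 4768 events for this account within the window.
    # XPath value matching is case-sensitive, so pass the name as AD stores it.
    $ms    = $Hours * 3600 * 1000
    $xpath = "*[System[(EventID=4768) and TimeCreated[timediff(@SystemTime) <= $ms]]] " +
             "and *[EventData[Data[@Name='TargetUserName']='$SamAccountName']]"

    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $events = Get-WinEvent -ComputerName $dc.HostName -LogName Security `
                                   -FilterXPath $xpath -ErrorAction Stop
        } catch {
            # Also raised when a DC simply has no matching events
            Write-Warning "$($dc.HostName): $($_.Exception.Message)"
            continue
        }
        foreach ($evt in $events) {
            # Turn the <Data Name="..."> elements into a lookup table
            $data = @{}
            foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            if ($data['Status'] -ne '0x0') { continue }   # keep successful requests only
            [pscustomobject]@{
                Time          = $evt.TimeCreated
                DC            = $dc.HostName
                User          = $data['TargetUserName']
                # IPv4 clients are logged as IPv4-mapped IPv6 (::ffff:a.b.c.d)
                ClientAddress = $data['IpAddress'] -replace '^::ffff:', ''
            }
        }
    }
}

# Most recent 20 authentication sources for the account from the thread
Get-UserLogonSource -SamAccountName 'Grey' -Hours 24 |
    Sort-Object Time -Descending | Select-Object -First 20
```

The result is a client IP address per ticket request, not a workstation name, so map it back through DNS or DHCP lease records for the same time window.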
-
PowerShell Empire has some good modules that will do all that
Check out BloodHound.